Deployment Architecture

splunk gets confused after log is rotated by my app server restart

New Member

My app server gets restarted once a day. Sometimes, Splunk will treat individual lines as unique log entry. So what should be one log entry becomes multiple log entries. For example,

The below log should be one log but shows up as 4 log entries in Splunk.

[Date] [Time] [ERROR] message line 1
message line 2
message line 3
message line 4

Can anyone advice me on fixing this occasional issue?

0 Karma

New Member

My log entry line break is not showing up. This is how it should look like

[Date] [Time] [ERROR] message line 1
message line 2
message line 3
message line 4

0 Karma